Question

我如何让我的程序ptrace一个克隆的应用程序，因为它看起来像执行一个clone（）系统调用，但我不知道我将如何ptrace它，任何人都可以帮助我，如果可能的话，提供一个工作的最小例子作为证明这样做的证明

SYSCALL pipe() IS NOT YET SUPPORTED

system call (end) (call number: 22) pipe (with return: 0) from pid 7596
SYSCALL clone() IS NOT YET SUPPORTED

system call (end) (call number: 56) clone (with return: 7597) from pid 7596
...
ATTEMPTING TO READ SYSTEM CALL rt_sigsuspend argument 1 (REGISTER: rdi)
ORIGINAL system call (start) (call number: 130) rt_sigsuspend(140734241713168, 8) from pid 7596
TRANSLATED system call (start) (call number: 130) rt_sigsuspend("", 8) from pid 7596
zsh: command not found: q

system call (end) (call number: 130) rt_sigsuspend (with return: -514) from pid 7596
ATTEMPTING TO READ SYSTEM CALL rt_sigsuspend argument 1 (REGISTER: rdi)
ORIGINAL system call (start) (call number: 130) rt_sigsuspend(140734241713168, 8) from pid 7596
TRANSLATED system call (start) (call number: 130) rt_sigsuspend("", 8) from pid 7596

system call (end) (call number: 130) rt_sigsuspend (with return: -38) from pid 7596

help
exit
^C
^Z

实现与clone（）系统调用兼容的strace

0 个答案: